From 6fb8bd795c3f40735ced3f51b8082f91956fd786 Mon Sep 17 00:00:00 2001
From: Eli Schwartz <eschwartz@archlinux.org>
Date: Tue, 5 Jun 2018 12:48:53 -0400
Subject: Update release script to generate detached signatures and checksum
 files

This is more usable for programmatically checking the validity of a
release.

Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 scripts/bb_release | 22 +++++-----------------
 1 file changed, 5 insertions(+), 17 deletions(-)

(limited to 'scripts')

diff --git a/scripts/bb_release b/scripts/bb_release
index 8aa380438..2e146bf84 100755
--- a/scripts/bb_release
+++ b/scripts/bb_release
@@ -15,20 +15,8 @@ VERSION=`ls busybox-*.tar.gz | sed 's/busybox-\(.*\)\.tar\.gz/\1/'`
 
 zcat busybox-$VERSION.tar.gz | bzip2 > busybox-$VERSION.tar.bz2
 
-test -f busybox-$VERSION.tar.gz || { echo "no busybox-$VERSION.tar.gz"; exit 1; }
-test -f busybox-$VERSION.tar.bz2 || { echo "no busybox-$VERSION.tar.bz2"; exit 1; }
-
-signit()
-{
-echo "$1 released `date -r $1 -R`
-
-MD5:  `md5sum $1`
-SHA1: `sha1sum $1`
-
-To verify this signature, you can obtain my public key
-from http://busybox.net/~vda/vda_pubkey.gpg
-" | gpg --clearsign > "$1.sign"
-}
-
-signit busybox-$VERSION.tar.gz
-signit busybox-$VERSION.tar.bz2
+for releasefile in busybox-$VERSION.tar.gz busybox-$VERSION.tar.bz2; do
+    test -f $releasefile || { echo "no $releasefile"; exit 1; }
+    gpg --detach-sign $releasefile
+    sha256sum $releasefile > $releasefile.sha256
+done
-- 
cgit v1.2.3